After setting up a cluster, will the servers automatically sync any lists they already have or do they only sync new entries?
Also, with regard to the config... same question. I have set a Master and an initial slave... and communication appears to be OK. What I'm asking is do I have to do anything to have the slave sync with the master's config or will this happen by itself.
Initial Cluster Set-up
Re: Initial Cluster Set-up
OK, have somewhat answered my own question through trial and error... current lists are not auto-synced. However I did make a couple of discoveries...
IMPORTANT: Cluster_Config must be set to "1" even on the Master server in order for the Cluster Config and Cluster Restart buttons to appear on the UI. Even though the description says...
"This option allows the enabling and disabling of the Cluster configuration
changing options --cconfig, --cconfigr, --cfile, --ccfile sent from the
CLUSTER_MASTER server"
... the "sent from" part is somewhat misleading.
Two anomalies I have run into:
1) Regardless of the LF_TRIGGER_PERM setting you have on your Master and Slave servers (providing LF_TRIGGER is > 0), the Slave servers will only block the IP for 3600 secs. I have all set for 3 and 172800 (aggressive, I know), however when sharing a blocked IP, the slaves report "*Blocked in csf* for 3600 secs [LF_CLUSTER]"
LF_CLUSTER does not appear to be a field one can edit, if that indeed would help.
2) Cluster PINGS are being rejected for some reason, one way only, between a couple of the server relationships. (One cannot reach two of the five, another cannot reach one of them) I can ping successfully if I SSH to the server and use CMD line, however when using the Configserver UI, the PING fails. Therefore, info is not shared in those two server relationships and in that direction.
Any suggestions appreciated. I have checked settings... there are no IP blocks etc.
IMPORTANT: Cluster_Config must be set to "1" even on the Master server in order for the Cluster Config and Cluster Restart buttons to appear on the UI. Even though the description says...
"This option allows the enabling and disabling of the Cluster configuration
changing options --cconfig, --cconfigr, --cfile, --ccfile sent from the
CLUSTER_MASTER server"
... the "sent from" part is somewhat misleading.
Two anomalies I have run into:
1) Regardless of the LF_TRIGGER_PERM setting you have on your Master and Slave servers (providing LF_TRIGGER is > 0), the Slave servers will only block the IP for 3600 secs. I have all set for 3 and 172800 (aggressive, I know), however when sharing a blocked IP, the slaves report "*Blocked in csf* for 3600 secs [LF_CLUSTER]"
LF_CLUSTER does not appear to be a field one can edit, if that indeed would help.
2) Cluster PINGS are being rejected for some reason, one way only, between a couple of the server relationships. (One cannot reach two of the five, another cannot reach one of them) I can ping successfully if I SSH to the server and use CMD line, however when using the Configserver UI, the PING fails. Therefore, info is not shared in those two server relationships and in that direction.
Any suggestions appreciated. I have checked settings... there are no IP blocks etc.
Re: Initial Cluster Set-up
I am happy to report I discovered the solution to the PING issue I mentioned in anomaly 2 above.
Some of my servers have multiple IP addresses, and Configserver does not necessarily consider the main host name IP to be the "default" IP. In checking "View iptables log (last 100 lines)", I noticed that the ping from one of the blocked servers was coming from one if its alternate IP addresses.
The solution was (and is) to enter the "default" IP address you want to use as the communication IP, in CLUSTER_LOCALADDR.
The instruction states "If a cluster member should send requests on an IP other than the default IP,
set it here"
What I considered the default IP (host name's IP) was not what Configserver (or specifically CLUSTER) considered the defualt IP.
Problem is solved as all servers now PING each other correctly.
Some of my servers have multiple IP addresses, and Configserver does not necessarily consider the main host name IP to be the "default" IP. In checking "View iptables log (last 100 lines)", I noticed that the ping from one of the blocked servers was coming from one if its alternate IP addresses.
The solution was (and is) to enter the "default" IP address you want to use as the communication IP, in CLUSTER_LOCALADDR.
The instruction states "If a cluster member should send requests on an IP other than the default IP,
set it here"
What I considered the default IP (host name's IP) was not what Configserver (or specifically CLUSTER) considered the defualt IP.
Problem is solved as all servers now PING each other correctly.
Re: Initial Cluster Set-up
Regarding anomaly 2 above, it would appear the answer is in being able to set LF_CLUSTER. Interestingly enough, this field is not found in either the CLI or the UI and is not directly accessible... and therefore cannot be set.
Therefore I am assuming that the 3600 setting for a shared DENY from a cluster member is a default setting... and is not changeable.
The only alternative might be if one sets LF_TRIGGER_PERM to "1", in which case the IP is possibly shared as a Permanent block. (have not tested that)
Therefore I am assuming that the 3600 setting for a shared DENY from a cluster member is a default setting... and is not changeable.
The only alternative might be if one sets LF_TRIGGER_PERM to "1", in which case the IP is possibly shared as a Permanent block. (have not tested that)